CVE-2020-14326

HIGH7.5EPSS 0.38%

RESTEasy 4.5.5.Final in hash flooding

發布日:2022/3/18修改日:2024/2/19

描述

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

受影響套件(1)

Maven/org.jboss.resteasy:resteasy-bomfrom 0, < 4.5.6.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-14326
PATCHhttps://github.com/resteasy/Resteasy
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1855826
WEBhttps://github.com/resteasy/Resteasy/pull/2471
WEBhttps://security.netapp.com/advisory/ntap-20210713-0001